More than half of the world—58.4 percent or 4.62 billion people—use social media.

Related: Deploying human sensors to stop phishing.

And while that’s incredible for staying connected with friends, organizing rallies, and sharing important messages, it’s also the reason we are facing a cyber security crisis.

A record 847,376 complaints of cyber-crime were reported to the FBI by the public, according to the FBI’s Internet Crime Report 2021—a 7 percent increase from 2020. This is now catching the attention of elected leaders like Senator Mark Warner and Senator Marco Rubio.

They recently called on the Federal Trade Commission (FTC) to investigate TikTok and its parent company ByteDance over its data handling. But why is social media such a catalyst for nefarious behavior?

As the founder of the leading cyber security firm OccamSec, I’ve seen first-hand how and why social media is such a weak point, even for the most careful people and companies. Here are the three main reasons.

Social Engineering

Social media lends itself to social engineering. What is that exactly? Well, old-school social engineering is when a criminal phones someone up pretending to be a CEO of your company, for example, claiming they’ve lost a document you need to send. You send it, and that person has a lot of private information about the company. Social engineering has gone from face to face or phone to phone to social media and the internet.

Social media provides an effortless mechanism for manipulation. You create a profile on a platform, start friending people, and then you can gain more access to those people’s connections because you begin to look more legitimate. So, when someone reaches out to you, and you have mutual contacts, it’s easier to ask for personal or company information. It magnifies their trust and simultaneously removes the gut instinct.

If you met someone in a bar who said, “Hey, I work in the same company as you, give me access to your computer,” you would say, “No.” Your gut instinct would be this guy’s just creepy.

In social media, that’s taken away. If I connect to you, you link to me; then we have more mutual connections. From an attacker’s perspective, it lends itself massively to harvesting data, making manipulating people easier because it takes away the face-to-face element.

Attack Surface

There’s this concept of attack surface in hacking. So, if you think of your house, you’ve got the doors, windows, and maybe a skylight. If I’m a robber, that’s your attack surface. I increase the attack surface by adding more windows, a garage, and a yard.

What social media does, if you’re a company, is it blows your attack surface wide open. Now every single employee is online posting and is reachable. So, for example, if I want to breach Sony, I’ll go on LinkedIn, search for Sony, and get everyone who works there. Then I can look at TikTok, Instagram, and Facebook, find out their interests and friends, and be able to connect and get information eventually.

Convenience is Key

Convenience trumps security. A CEO needs to get a document sent to him on vacation and doesn’t have his laptop. So, it just gets sent to his phone. There’s an immediate breach of security due to convenience. Plus, it’s been proven you get a dopamine response from social media, leading to the cyber security risk. So many people are on social media that it’s easy for criminals to blast through that surface area.

Ultimately, companies and people need to consider how much they’re exposing. But, sadly, cyber security is difficult to maintain unless you stay off all social media. However, if we adopt some European privacy laws, we might be able to have more protection. Understanding the risks posed by social media, from social engineering to an increased attack surface, is the first step for organizations to take control of their cybersecurity to keep their employees, and business, safe.

About the essayist: Mark Stamford is the founder and CEO of OccamSec. He began dabbling with computers at age 8 and has over 20 years of experience in technology operations, including cybersecurity. He previously worked at UBS and KPMG.

Migrating to and utilizing cloud environments – public, hybrid, or multi – is a source of real investment and positive change for businesses. Cloud is the powerhouse that drives digital organizations.

Related: Cloud security frameworks take hold

Gartner predicts that spending on public cloud alone is set to top $500 billion in 2022 – a 20% growth over last year. But often overlooked in the migration process is the significance of a company’s embedded security measures.

For cloud migration programs to succeed in both the short and long-term, organizations must have an established cloud security policy to guide operations in the cloud, identify and mitigate vulnerabilities, and defend against cyberattacks – before a single byte is migrated.

But where should you begin? Following these steps will help you lay the foundation for a secure and sustainable cloud strategy.

•Design with security first. Although moving to the cloud should follow a standardized approach, the order of operations is often prioritized in favor of rapid results, not security. When security becomes an afterthought, best practices are overlooked, mistakes are made, and vulnerabilities are introduced that can result in significant risk, cost and breaks later.

By considering security first (not a detail to be added on later) and fully grasping cloud technology and risk exposure, your organization can ensure that the cloud architecture is secure before any data is migrated off-premises. It may slow the start but designing with security-first in mind can save you a lot of trouble down the road. For example, companies must plan to secure the perimeter with access protocols and controls – something that is very hard to do once systems are in use.

•Avoid using the same security measures as you do on-premises. Security controls will be a major aspect of your cloud security policy. While it’s essential to consider the security measures you use on-premises – don’t simply replicate them in the cloud. Instead, assess the security controls of your cloud vendor, specifically their identity and access management offerings – both of which increase security and convenience, if done right.

•Adopt a layered approach. A multi-layered defense is an essential component of any winning cloud cybersecurity posture. From the simplest protections like anti-virus, multi-factor authentication, patch management software, and employee security awareness training to the most advanced features like SIEM and conditional access, adding layers provides a vital safety net should something fall through the cracks.

As the business grows and new threats emerge, you can evolve and layer in additional controls as needed. The trick is not to go tool-crazy. Visibility into your cloud security posture is critical, but if it takes an army to sift through dashboards and alerts, things can quickly become unmanageable. Layer, but ensure good integrations of security information across your controls for full-stack observability.

•Know where your data resides – and what’s most critical. Knowing where your cloud data is stored (especially your most sensitive data) can help inform your security policies and meet compliance obligations, such as keeping data within domestic borders. As you craft your cloud security policy, ask your provider where your data is located geographically and if it is likely to be moved around different data centers to reduce latency, meet SLAs, or mitigate data loss.

What controls are in place to protect data as it moves? Also, prioritize which kinds of data are most important. By identifying the “crown jewels” in your data, you’ll be able to make better decisions on tools, time and talent regarding your security program. After all, if you don’t know what your most sensitive data is or where it is stored, you can’t protect it.

•Revisit your policy often. At a minimum, plan to review your cloud security policy annually. However, if you plan several digital transformation projects or operate in an agile environment where applications are developed or updated rapidly, such as two-week sprints, consider tying your policy review to your rate of change. This will also likely be a compliance related need as regulations – such as the new proposed SEC rules – take shape.

•Make it sustainable. A cloud security policy can help keep cloud data protected and improve your ability to respond to threats quickly. But these measures must also be sustainable. You can’t reap the benefits of the cloud if you don’t make security a priority from the start. And for that you must cultivate a security-first mindset to migrations and future digital transformation.

About the essayist: Steve Schoener is Chief Technology Officer at ECI. Prior to ECI, he was head of IT for DW Investment Management in New York; he also previously was at UBS Investment Bank as an associate director. Schoener holds a computer science degree from State University of New York at Albany.

Technology provides opportunities to positively impact the world and improve lives.

Related: Why facial recognition ought to be regulated

It also delivers new ways to commit crimes and fraud. The U.S. Federal Bureau of Investigation (FBI) issued a public warning in June 2022 about a new kind of fraud involving remote work and deepfakes.

The making of Deepfakes

The world is on track to see around 50% of workers transition to sustained, full-time telecommuting. Conducting job interviews online is here to stay, and deepfakes may be part of that new normal.

The term refers to an image or video in which the subject’s likeness or voice was manipulated to make it look like they said or did something they didn’t.

The deepfake creator uses “synthetic media” applications powered by machine learning algorithms. The creator trains this algorithm on two sets of videos and images. One shows the target’s likeness as they move and speak in various environments. The second shows faces in different situations and lighting conditions. The application encodes these human responses as “low-dimensional representations” to be decoded into images and videos.

The result is a video of one individual convincingly overlaid with the face of another. The voice is more difficult to spoof. However, faked images continuously look more convincing as algorithms learn and get better at mimicking general human mannerisms and the specific characteristics of the target.

Some bad actors also use this technology to create synthetic audio. One high-profile story saw criminals use a deepfake to impersonate a high-level executive over the phone and successfully authorize large fund transfers. The losses totaled $243,000, and the fraud tricked individuals in the company who knew the real person.

Even deepfake examples designed to educate the public — like a doctored video of Nixon’s resignation speech — fool observers without meaning to.

The FBI’s warning

The FBI announced that its Internet Crime Complaint Center (IC3) had observed an uptick in employment-related fraud involving stolen personally identifiable information (PII) and deepfakes. These fraudsters frequently use ill-gotten PII to create synthetic images and videos to apply for work-at-home positions. Some of the roles include:

•Information technology (IT)

•Database design and maintenance

•Computer programming and app design

•Finance- and employment-related technology

Some of these roles involve handling intellectual property as well as employee, patient or client PII. The stakes are not as simple as lying one’s way into a new job. The larger goal is to use the stolen and synthesized likenesses to secure a position with proximity to valuable company data or personal information.

Protecting organizations

Deepfakes are convincing, but there are signs to look for. Machine learning isn’t flawless and sometimes results in an image with telltale artifacts such as:

•The subject blinks too frequently or not enough.

•The eyebrows or hair, or portions of them, don’t match the subject’s face or movements.

•The skin appears overly wrinkled or too flawlessly smooth.

•The voice’s pitch does not match other characteristics of the speaker.

•Reflections in the eyes or glasses don’t match the speaker’s surroundings.

•Other aspects of the speaker’s movement or appearance don’t match the video’s expected physics or lighting aspects.

Overlaying one individual’s likeness over someone else’s is seldom a seamless process. Spoofing a voice is likewise imperfect.

Even so, the losses accruing due to deepfake abuse are already staggering. A single example resulting from “deep voice” fakery resulted in a loss of $35 million in fraudulent bank transfers.

Best defense: awareness

The Nixon example was an attempt to educate the public through exposure. Jordan Peele’s deepfake of President Obama also sought to spread awareness. Elon Musk compared the use of deepfakes to “summoning the demon” to describe how dangerous they can be.

Beyond cultivating awareness, experts recommend companies and individuals take practical actions:

•Come up with a secret question or code word to exchange at the beginning of all online or phone conversations.

•Partner with a biometrics-focused security company and ensure their authentication technologies are up to the challenge.

•Educate employees and partners about deepfakes using the same techniques as general cybersecurity awareness.

Using technology to fight technology can take people only so far. The best defense for any new attack vector is vigilance, awareness and not being afraid to ask for confirmation when someone receives a request that raises suspicions.

About the essayist: Zac Amos writes about cybersecurity and the tech industry, and he is the Features Editor at ReHack. Follow him on Twitter or LinkedIn for more articles on emerging cybersecurity trends.

Our technological world is advancing at dizzying speeds.

Related: The coming of a ‘bio digital twin’

Over the last decade, we have seen the introduction of 4G and 5G telecommunication service, the iPad, Instagram, and the introduction, acceptance, and adoption of cloud services from Microsoft, Google, and Amazon, as well as cloud computing.

Add in an increasing focus on data becoming a crucial enterprise asset—as well as the introduction of countless database and analytical tools, digital twins, artificial intelligence, and machine learning—and we are dealing with unprecedented technical complexities and risk.

Digital twins are just one example of a complex system, but they expose companies to a lot of risk if they are not properly implemented with a cybersecurity plan in place. Digital twins are a digital representation of reality, either in physical or process form. For example, think of digital cities, or digital infrastructure assets.

Leveraging digital twins

One might operate a plant and then use the digital twin of that plant to plan maintenance and optimization and see what would happen before they execute in reality. Another example is a city using a digital twin so that they can model floods or earthquakes. Digital twins are incredibly useful.

But think of the risks. For example, what if a bad actor accesses a digital twin of a major dam or some other critical piece of infrastructure? They might be able to find the most vulnerable spots in the physical structure to stage a terrorist attack.

Or what if a competitor got the digital twin of some complex machinery that a company invented? They would have that company’s IP in hand. Clearly, it is crucial that any digital twins (or other complex systems) are secured at the highest level.

The biggest challenge is that because digital twins are central to planning, operations, maintenance, and modeling, they cannot simply be locked up with high walls built around them. That would result in a digital twin that was once perfect but is now outdated.

Access security challenges

To gain maximum value, the digital twin must be used and kept evergreen, with constant updates, for planning, operations, maintenance, and modeling. Therefore, we must keep the digital twin as open as is needed.

The first step is to determine who needs to access the digital twin. Will they need to simply look at it, or download it, or update it?

Access needs to be provided to only those who need it, in the areas of the digital twin that they need, and at the appropriate level. These levels of access will ensure that everyone can do their jobs, but not so widely that they can even accidentally edit data that they should not have access to in the first place.
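The rule in the two paragraphs above (access only for those who need it, only in the areas they need, at the level they need, and never so wide that someone can edit by accident) is easy to state and easy to get wrong in code. The following Python is an added example of how such a deny-by-default check can look; it is not Bentley Systems code or any digital-twin product's API. The access levels, the area names ("pump-station-3", "spillway") and the two principals are constructed for illustration.

```python
from dataclasses import dataclass, field
from enum import IntEnum
from typing import Dict, List, Tuple


class Level(IntEnum):
    """Access levels for one area of the twin, ordered so that a higher
    level implies the lower ones (UPDATE lets you DOWNLOAD and VIEW)."""
    NONE = 0
    VIEW = 1
    DOWNLOAD = 2
    UPDATE = 3


@dataclass(frozen=True)
class Grant:
    area: str      # one part of the twin, e.g. a pump station or a spillway
    level: Level


@dataclass
class Principal:
    name: str
    grants: List[Grant] = field(default_factory=list)


def effective_level(p: Principal, area: str) -> Level:
    """Highest level granted for exactly this area. No wildcard and no
    inheritance between areas: an unknown area is NONE, i.e. deny by default."""
    return max((g.level for g in p.grants if g.area == area), default=Level.NONE)


def decide(p: Principal, area: str, wanted: Level) -> Dict[str, object]:
    """Return a log-ready decision record; callers log every denial."""
    have = effective_level(p, area)
    return {"principal": p.name, "area": area, "wanted": wanted.name,
            "have": have.name, "allowed": bool(have >= wanted)}


def is_allowed(p: Principal, area: str, wanted: Level) -> bool:
    return bool(decide(p, area, wanted)["allowed"])


def apply_updates(p: Principal, edits: Dict[str, dict]) -> Tuple[Dict[str, dict], Dict[str, dict]]:
    """Apply only the edits the principal may make and report the rest as
    refused, so a batch that strays into another area cannot change it."""
    applied: Dict[str, dict] = {}
    refused: Dict[str, dict] = {}
    for area, payload in edits.items():
        (applied if is_allowed(p, area, Level.UPDATE) else refused)[area] = payload
    return applied, refused


# Constructed principals (hypothetical roles, not from any real deployment).
PLANNER = Principal("maintenance-planner",
                    [Grant("pump-station-3", Level.UPDATE), Grant("spillway", Level.VIEW)])
ANALYST = Principal("flood-analyst", [Grant("spillway", Level.DOWNLOAD)])


if __name__ == "__main__":
    print(decide(PLANNER, "pump-station-3", Level.UPDATE))   # allowed
    print(decide(PLANNER, "spillway", Level.UPDATE))         # denied: VIEW only
    print(apply_updates(PLANNER, {"pump-station-3": {"next_service": "2022-09-01"},
                                  "spillway": {"gate_state": "open"}}))
```

The point of `apply_updates` is the "even accidentally" clause: a planner who pastes a batch of edits that includes the spillway does not get a half-applied error, the spillway change is simply refused and recorded, and the denial record is what a later review of "who touched what" would be built on.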

Another consideration is understanding what happens if a bad actor does get into the digital twin. What will happen? Will they steal IP? Can they access industrial control systems? Will they be able to get into the SCADA systems perhaps tied to the digital twin? Will they be able to gain control of all the monitors or other remote devices (in our Internet of Things world) tied to the digital twin?

Let’s hope not, but if so, it’s essential that companies understand the risks and have a plan to address them. They need a comprehensive cybersecurity plan. Depending on their security maturity, they may also decide to outsource the risk by having a managed service host their digital twin.

Managing scenarios

Whatever the solution, it is key to develop and practice response plans to various attacks. It is far too late to figure out who to call when a digital twin has been breached and a hacker has all the company’s IP or is in the digital twin changing things.

Instead, companies should create a list of scenarios that would pose a threat to their organization and then walk through each one with key stakeholders to identify who will need to be called, how the issue will be communicated, what cyber insurance will cover, and what next steps will be followed. Each scenario then needs practice, to ensure everyone is ready should a situation arise.

While it may all sound risky, we should not shy away from adopting and leveraging complex technology like digital twins. Preparation and planning are key. The payoff and return on investment are too great to just ignore.

However, we do need to carefully consider and address the cybersecurity risks and deploy responsibly so that everyone has the trust in the technology that they need to achieve full utilization.

About the essayist: Claire Rutkowski is the chief information officer for Bentley Systems, a supplier of software solutions to accelerate project delivery and improve asset performance.

Cyber-attacks continue to make headlines, and wreak havoc for organizations, with no sign of abating. Having spiked during the COVID-19 pandemic, threats such as malware, ransomware, and DDoS attacks continue to accelerate.

Related: Apple tools abuse widespread

A10’s security research team recorded a significant spike in the number of potential DDoS weapons available for exploitation in 2021 and early 2022. The total number of DDoS weapons, which was previously recorded at 15 million, has grown by over 400,000 or 2.7 percent in a six-month period.

This includes a notable 2X increase in the number of obscure potential amplification weapons such as Apple Remote Desktop (ARD).

The war in Ukraine has seen likely state-sponsored attacks using these types of DDoS attacks. The Log4j vulnerability has predictably proved fertile ground for hackers as well, putting millions of systems at risk, with Russia accounting for more than 75 percent of Log4j scanners and helping drive. In this intensifying threat landscape, the urgency for modern DDoS defenses becomes clearer every day.

A new report by the A10 Networks security research team explores the global state of DDoS weapons and tactics. Key findings follow.

Ukraine targeted

DDoS attacks have long been a favorite tactic of bad actors for disruption. In a recent example, A10’s security research team observed significant, sustained attacks on Ukrainian government networks and commercial assets beginning February 24, 2022, the first day of the invasion.

These included targeted, large-scale attacks on a block of addresses associated with Kharkiv and Severodonetsk, and on the Secretariat of the Cabinet of the Ministers of Ukraine.

The largest of the attacks on Ukraine used amplification and reflection methods to increase their impact. The attack on the Secretariat of the Cabinet of the Ministers of Ukraine demonstrated a common strategy in which multiple requests are sent by the attacker; however, the intended victim’s IP address is faked by the sender (spoofed) so the UDP-based services contacted will send replies to the victim’s IP.

The attacks on Kharkiv and Severodonetsk used a less common form of amplification leveraging Apple Remote Desktop (ARD) protocol on UDP port 3283. In this case, the tactic achieved a response size of approximately 34X larger than the original request; A10 recorded two million requests to a single U.S.-based machine.
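The reflection pattern described in the two paragraphs above has a distinctive signature in flow data, from either side of the attack: the victim sees large volumes of UDP replies from a service port it never sent requests to (the spoofed requests never crossed its own edge), and the owner of a reflector sees its own service answering an enormous number of requests toward one destination. The following Python is an added example of both checks over constructed flow records; it is not A10 Networks code or output. The record format (src sport dst dport proto bytes pkts), the thresholds, the sample flows and the list of reflector ports other than ARD's 3283 are assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set, Tuple

# UDP service ports commonly abused as reflectors. ARD on 3283 is the one the
# report describes; the others are long-known amplification services (assumed list).
REFLECTOR_PORTS: Dict[int, str] = {3283: "ARD", 53: "DNS", 123: "NTP",
                                   389: "CLDAP", 11211: "memcached"}


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int
    pkts: int


def parse_flows(text: str) -> List[Flow]:
    """Parse whitespace-separated records: src sport dst dport proto bytes pkts."""
    flows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 7:
            continue  # skip blank or malformed lines
        flows.append(Flow(f[0], int(f[1]), f[2], int(f[3]), f[4].upper(), int(f[5]), int(f[6])))
    return flows


def find_reflection_victims(flows: Iterable[Flow], ratio_threshold: float = 10.0,
                            min_bytes: int = 1_000_000) -> List[Dict[str, object]]:
    """Victim-side view: hosts receiving a large volume of replies from reflector
    service ports relative to the requests they actually sent. In a spoofed
    attack the request side is zero, so the ratio is unbounded."""
    responses: Dict[Tuple[str, int], int] = defaultdict(int)
    requests: Dict[Tuple[str, int], int] = defaultdict(int)
    for f in flows:
        if f.proto != "UDP":
            continue
        if f.sport in REFLECTOR_PORTS:
            responses[(f.dst, f.sport)] += f.nbytes
        if f.dport in REFLECTOR_PORTS:
            requests[(f.src, f.dport)] += f.nbytes
    findings = []
    for (victim, port), resp in responses.items():
        req = requests.get((victim, port), 0)
        ratio = resp / req if req else float("inf")
        if resp >= min_bytes and ratio >= ratio_threshold:
            findings.append({"victim": victim, "service": REFLECTOR_PORTS[port], "port": port,
                             "response_bytes": resp, "request_bytes": req, "amplification": ratio})
    return findings


def find_abused_reflectors(flows: Iterable[Flow], own_hosts: Set[str],
                           min_pkts: int = 100_000) -> List[Dict[str, object]]:
    """Reflector-side view: one of our own UDP services answering a huge number
    of requests toward a single destination (the report's two million ARD
    requests aimed at one machine is this pattern seen from the reflector)."""
    per_dst: Dict[Tuple[str, int, str], List[int]] = defaultdict(lambda: [0, 0])
    for f in flows:
        if f.proto == "UDP" and f.src in own_hosts and f.sport in REFLECTOR_PORTS:
            per_dst[(f.src, f.sport, f.dst)][0] += f.pkts
            per_dst[(f.src, f.sport, f.dst)][1] += f.nbytes
    return [{"reflector": src, "service": REFLECTOR_PORTS[port], "dst": dst, "packets": p, "bytes": b}
            for (src, port, dst), (p, b) in per_dst.items() if p >= min_pkts]


# Constructed sample flows (documentation/test-net addresses, not real traffic):
# a normal DNS exchange, a normal ARD session (34X reply, but tiny volume),
# three reflectors hammering 10.0.0.9 with unsolicited ARD replies, and our
# own ARD host 10.0.0.20 answering 300k requests toward one external address.
SAMPLE_FLOWS = """\
10.0.0.5 51000 198.51.100.53 53 UDP 1200 10
198.51.100.53 53 10.0.0.5 51000 UDP 3600 10
10.0.0.7 50000 10.0.0.20 3283 UDP 2000 20
10.0.0.20 3283 10.0.0.7 50000 UDP 68000 20
192.0.2.11 3283 10.0.0.9 47001 UDP 340000 1000
192.0.2.12 3283 10.0.0.9 47001 UDP 340000 1000
192.0.2.13 3283 10.0.0.9 47001 UDP 340000 1000
10.0.0.20 3283 203.0.113.40 55555 UDP 5100000 150000
10.0.0.20 3283 203.0.113.40 55555 UDP 5100000 150000
"""

if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for finding in find_reflection_victims(flows):
        print("victim:", finding)
    for finding in find_abused_reflectors(flows, {"10.0.0.20"}):
        print("abused reflector:", finding)
```

Two design points are worth noting. The legitimate ARD session in the sample shows the same 34X reply-to-request ratio as the attack, which is why the victim check requires a volume floor as well as a ratio: amplification is a property of the protocol, not of the attacker. And the external address 203.0.113.40 shows up in both reports, once as the target our reflector is being aimed at and once as a victim, which is the cue for the reflector's owner to rate-limit or firewall the service rather than wait for an abuse complaint.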

Log4j adds to the mix

The use of more obscure potential amplification weapons, such as ARD, more than doubled over the past year; the total number of amplification attack weapons worldwide reached 15 million.

On December 10, 2021, CVE-2021-44228 was disclosed, a critical vulnerability in the widely used Apache Log4j logging framework. According to NIST, the vulnerability allows attackers to carry out unauthenticated remote code execution (RCE) to install malware. Before its public disclosure, our team began scanning for affected hosts.

Within a week, activity was spiking in more than 10 countries, with three-quarters sourced from Russia. By December 20, 2021, we had detected clear signs that Log4j was being used for viral spread, with the potential to create massive botnets capable of carrying out large-scale DDoS attacks.

Zero-trust factors in

With the anticipated rise in cyber-attacks and state-sponsored cyber warfare given the ongoing Russia-Ukraine conflict, it is important for organizations to ensure that networks are not weaponized by adopting a Zero Trust framework. Central to Zero Trust is the idea of “never trust, always verify”—using continuous checks throughout the network to ensure that resources are accessed only by authorized users.

Micro-segmentation, micro-perimeters, comprehensive visibility, analytics, automation, and a well-integrated security stack complete the Zero Trust model.

When planning a Zero Trust policy for DDoS defense, a modern approach is needed. This modern set of technologies includes adaptive baselining to learn your network, threat intelligence to block known bad actors, artificial intelligence (AI) and machine learning (ML) to identify and stop zero-day threats, and automation at multiple levels to find and mitigate large, small, and stealthy DDoS attacks.

As a post-pandemic era takes shape, it’s clear that cyberattacks are here to stay—and organizations must act accordingly. Read the 2022 A10 Networks DDoS Threat Report for further insights, and steps you can take in response.

About the essayist: Paul Nicholson is senior director, product marketing, at A10 Networks, a San Jose, Calif.-based supplier of security, cloud and application services. He has held technical and management positions at Intel, Pandesic and Secure Computing. 

Cybersecurity poses a risk to all businesses.

Related: Biden moves to protect critical infrastructure

Dataprot reports that 59 percent of Americans have experienced cybercrime in the past. An estimate stated that $6 trillion worth of damage was caused by cybercrime in 2022, making it vital for businesses to securely destroy data.

Deleting information from a hard disk drive (HDD) is not enough. Hackers can recover data from physical drives, even when the information has been removed. When businesses have spent years building trust with customers, it is important to take the necessary precautions to protect data and the brand’s reputation by destroying data effectively.

Limits to wiping

Deleting files isn’t enough to keep data safe. With the right tools, hackers can retrieve deleted files. Depending on the operating system, there may be built-in tools to erase data. This is a quick and convenient method but third-party utilities offer a greater level of security.

DBAN is a free tool but is limited in its abilities, as it only works on hard drives and not solid-state drives (SSD). Working independent of the operating system (OS), DBAN can wipe the entire machine. This is important for any businesses upgrading their hardware to new technology, as it allows for the safe transfer of data before it is removed from old machines.

Other tools, such as CCleaner, require an upgrade to the premium version in order to fully wipe data, and cannot wipe the drive hosting the OS as this is where it will be installed.

Wiping data is a good method of protection, but destroying the hard drive is the safest option. This prevents any fragments of data from being retrieved from old drives.
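The claim that deleting is not enough, and that an overwrite is what actually removes the bytes, can be shown on a toy model of a drive. The following Python is an added example, not the author's, Whitaker Brothers' or any wiping tool's code: a byte array stands in for the media, a small directory table stands in for the file system, and `carve` does what recovery tools do, which is scan the raw media for content and ignore the directory entirely. The sample record and file names are constructed.

```python
import os
from typing import Dict, List, Tuple


class ToyDisk:
    """A flat byte array standing in for a drive, plus a directory table.

    An ordinary delete only touches the table; the bytes stay on the media
    until something overwrites them, which is exactly what carving relies on.
    """

    def __init__(self, size: int = 4096) -> None:
        self.raw = bytearray(size)
        self.table: Dict[str, Tuple[int, int]] = {}   # name -> (offset, length)
        self._next = 0

    def write_file(self, name: str, data: bytes) -> None:
        if self._next + len(data) > len(self.raw):
            raise OSError("disk full")
        off = self._next
        self.raw[off:off + len(data)] = data
        self.table[name] = (off, len(data))
        self._next += len(data)

    def delete(self, name: str) -> None:
        """Ordinary delete: forget the directory entry, leave the bytes."""
        del self.table[name]

    def overwrite_delete(self, name: str) -> None:
        """Secure delete of one file: overwrite its extent, then drop the entry."""
        off, ln = self.table.pop(name)
        self.raw[off:off + ln] = os.urandom(ln)   # random pass
        self.raw[off:off + ln] = bytes(ln)        # final zero pass (deterministic end state)

    def wipe_all(self) -> None:
        """Whole-media overwrite, free space included, as a boot-from-USB wiper does."""
        self.raw[:] = os.urandom(len(self.raw))
        self.raw[:] = bytes(len(self.raw))
        self.table.clear()
        self._next = 0

    def carve(self, signature: bytes) -> List[int]:
        """Scan the raw media for a content signature, ignoring the directory."""
        hits: List[int] = []
        i = self.raw.find(signature)
        while i != -1:
            hits.append(i)
            i = self.raw.find(signature, i + 1)
        return hits


# Constructed sensitive record; the "SSN=" prefix is the signature we carve for.
RECORD = b"SSN=123-45-6789;NAME=Example Customer"


def recoverable_after_delete() -> bool:
    d = ToyDisk()
    d.write_file("customers.csv", RECORD)
    d.delete("customers.csv")
    return "customers.csv" not in d.table and d.carve(b"SSN=") != []


def recoverable_after_overwrite() -> bool:
    d = ToyDisk()
    d.write_file("customers.csv", RECORD)
    d.overwrite_delete("customers.csv")
    return d.carve(b"SSN=") != []


def recoverable_after_wipe_all() -> bool:
    d = ToyDisk()
    d.write_file("a.csv", RECORD)
    d.write_file("b.csv", RECORD)
    d.delete("a.csv")          # leftover copy now sits in "free" space
    d.wipe_all()               # a whole-disk wipe must cover that space too
    return d.carve(b"SSN=") != []


if __name__ == "__main__":
    print("after delete, carvable:   ", recoverable_after_delete())      # True
    print("after overwrite, carvable:", recoverable_after_overwrite())   # False
    print("after full wipe, carvable:", recoverable_after_wipe_all())    # False
```

The model is a magnetic drive, where a write lands on the same sectors it replaces. That assumption is what breaks on an SSD: the controller's wear levelling can direct the overwrite to different flash cells and leave the old copy in place, which is why the essay limits a tool like DBAN to hard drives and why the physical destruction options below are the fallback for both media.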

Hard drives present a security liability. With increasingly large storage capacities, they are capable of holding hundreds of thousands of sensitive data files. Just as there are tools to wipe HDDs, there are tools for thieves and criminals to extract information from them.

Cybercrime statistics from Dataprot state that 60 million Americans have experienced identity theft, highlighting the importance of destroying data completely.

It isn’t simply a matter of data security. A data breach will cost a company vital revenue and client trust. Business reputation is at stake, as many of the top security breaches are widely publicized and remembered many years later, such as the Yahoo hack of 2013 where 3 billion accounts were compromised. More recently, there was the 2022 Crypto.com hack which saw $18 million of Bitcoin and a further $15 million of Ethereum stolen.

With a global study from IBM estimating that the average data breach cost in 2021 was $4.24 million, it is important to protect data and destroy the hard drive.

Destruction options

Destroying a hard drive is the most effective way of ensuring data cannot be retrieved from it. While there are a number of methods that can be used to destroy hard drives, some are more effective than others.

Drilling. Using a hand drill or a hammer to drive a nail through the hard drive will destroy the platter. However, it is a time-consuming process and often not the most effective solution for those seeking to completely destroy a hard drive.

Degaussing. For businesses with a significant turnover of old hard drives, a degausser is an effective solution. Using magnetic forces, the data in the device is scrambled and cannot be read.

Shredding. Just as shredding has proven to be an effective method for destroying sensitive data on paper, HDD and SSD shredders are specialized machines designed to cut hard drives into smaller pieces, rendering the drive and data useless. For many in high-security environments, this is one of the best solutions.

Disintegrating. Another high-security option for data destruction is disintegration. Disintegrators slice hard drives into smaller particles, ensuring that the drive cannot be reassembled.

Many businesses consider themselves to hold data security at the heart of everything that they do. Combining a complete data wipe with the destruction of the hard drive ensures data integrity while keeping clients’ trust and protecting the business’ reputation. In a time when data is constantly at risk and under siege, this is more important than ever.

About the essayist: Kyle Mitchell is the Commercial Sales Director at Whitaker Brothers, which has over 75 years of experience delivering industry-leading data destruction and security equipment solutions. 

Phishing itself is not a new or a particularly complicated threat. But the emergence of advanced phishing techniques – “DeepSea Phishing” – poses an entirely new challenge for enterprises.

Related: Deploying human sensors

Phishing comes with a simple premise – lure someone to interact with a malicious link, file, or credentials-input, disguised as a legitimate email or website.

The financial impact of phishing attacks quadrupled over the past six years, with the average cost for U.S. companies rising to $14.8 million in 2021, compared with $3.8 million in 2015.

Despite increased public awareness of cybersecurity risks and safe browsing practices, the impact of phishing has increased exponentially – IBM’s 2021 Cost of Data Breach Report found phishing to be the second most expensive attack vector for enterprises.

Novel tactics

This is so, in part, because growing awareness has pushed hackers to create even more sophisticated means to plunder log-in information, or to lure employees to click on a malware-infected link – AKA next-gen, or “DeepSea” phishing.

These attacks use novel and rarely seen phishing techniques, often employing several layers of deception in parallel. Take this recent phishing attempt, which was identified by Perception Point’s Incident Response team: hackers first used an irregular URL structure to evade standard email threat detection systems, and sent users through a very convincing but fake two-factor authentication.

Because web browsers consider these malicious links to be URLs, they are opened automatically, compelling email recipients to unwittingly enter suspicious websites. In one of the cases, a malicious URL led to a fake Microsoft log-in page, almost indistinguishable from the original – but for the deployment of next-gen detection techniques.
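The "irregular URL structure" in the case above is the kind of thing a mail gateway or a SOC triage script can score before a user ever clicks: userinfo placed before the host so the displayed brand is not the real destination, a bare IP address as the host, punycode labels, deep subdomain nesting, a well-known brand name appearing in a host or path whose registered domain is not that brand's. The following Python is an added example of such heuristics, not Perception Point's detection logic or product; the brand watch-list, the legitimate-domain list, the weights and the sample URLs are constructed, and the registered-domain helper is a deliberate simplification that a real deployment would replace with a Public Suffix List lookup.

```python
import ipaddress
from typing import Dict, List
from urllib.parse import urlsplit

# Constructed watch-lists: brands worth protecting and the domains they legitimately use.
BRANDS = ("microsoft", "office365", "onedrive", "paypal")
LEGIT_DOMAINS = {"microsoft.com", "microsoftonline.com", "office.com", "live.com", "paypal.com"}

# Assumed weights; anything scoring 2 or more is handed to a human or a sandbox.
WEIGHTS = {
    "userinfo before host": 2,       # https://brand.com@real-host/  shows the brand, lands elsewhere
    "ip literal host": 2,
    "punycode label": 1,             # xn-- labels can render as look-alike Unicode
    "deep subdomain nesting": 1,
    "plaintext http": 1,
    "brand outside its domain": 2,
    "non-standard port": 1,
}


def registrable_domain(host: str) -> str:
    """Last two labels of the host. A simplification: real code should use the
    Public Suffix List so that e.g. 'example.co.uk' is handled correctly."""
    return ".".join(host.split(".")[-2:])


def score_url(url: str) -> Dict[str, object]:
    """Score one URL against structural heuristics and explain the score."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").lower()
    reasons: List[str] = []
    if parts.username is not None:
        reasons.append("userinfo before host")
    try:
        ipaddress.ip_address(host)
        reasons.append("ip literal host")
    except ValueError:
        pass  # a normal hostname, not an IP literal
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label")
    if host.count(".") >= 4:
        reasons.append("deep subdomain nesting")
    if parts.scheme == "http":
        reasons.append("plaintext http")
    haystack = host + parts.path.lower()
    if registrable_domain(host) not in LEGIT_DOMAINS and any(b in haystack for b in BRANDS):
        reasons.append("brand outside its domain")
    if parts.port not in (None, 80, 443):
        reasons.append("non-standard port")
    score = sum(WEIGHTS[r] for r in reasons)
    return {"url": url, "score": score, "reasons": reasons,
            "verdict": "suspicious" if score >= 2 else "ok"}


# Constructed samples using reserved documentation names and addresses.
SAMPLES = [
    "https://login.microsoftonline.com/common/oauth2/authorize",   # real sign-in host
    "https://microsoft.com.login-verify.example/secure/office365",  # brand as a subdomain of another domain
    "http://203.0.113.5/microsoft/login",                           # IP host, plaintext, brand in path
    "https://microsoft.com@evil.example/",                          # userinfo trick
    "https://mail.corp.example/login",                              # ordinary internal host
]

if __name__ == "__main__":
    for u in SAMPLES:
        r = score_url(u)
        print(f"{r['verdict']:10} {r['score']}  {u}  {r['reasons']}")
```

The output is a score with reasons rather than a yes/no, because the reasons are what an analyst needs to confirm or dismiss the alert quickly, and because a single heuristic such as plaintext HTTP is too common on its own to act on. Scoring the URL says nothing about the page behind it; the fake two-factor step in the case above would still need the page content or the sandbox to be caught.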

“Spear phishing,” represents another example of DeepSea methodology, whereby malicious actors “scrape” personal information (primarily from social media) about their targets to make each phishing attempt more personalized and seem more legitimate.

Current solutions

Enterprise cybersecurity traditionally prevents such attacks in two ways: staff education, giving employees the tools they need to recognize and report suspicious emails that land in their inboxes; along with cybersecurity solutions, which prevent malicious emails from reaching inboxes in the first place.

Unfortunately, the former category is becoming less and less effective as phishing becomes more and more sophisticated, with email clones looking increasingly indistinguishable from the real thing. Regarding the latter, cybersecurity solutions that were once industry standard are often unable to keep up with the rapidly changing threat landscape. This is in part due to the increased accessibility of phishing tools, with phishing kits even available to purchase by non-coder and amateur phishermen.

Advanced solutions

Emerging cybersecurity tools can be built with enterprise digitization and growing cloud-adoption in mind, as opposed to legacy solutions that are slow and frustratingly inflexible. These more traditional solutions are generally not cloud-native, and even if they have been refashioned to work in a cloud environment, the alterations often come with major drawbacks.

The heightened agility of emerging tech can better keep up with the rapidly evolving threat landscape, deploying techniques such as:

•Image recognition and natural language processing. These techniques can identify impersonation techniques or phishing attacks.

•Cloud native design. Advanced defensive algorithms are more dynamic, scalable, and primed for automation.

•No-code services. These are easily adaptable packages of pre-written code which save R&D specialists time creating threat responses, allowing them to focus more on creative, preemptive solutions.

Adaptable SaaS solutions can allow enterprises of any shape and size to equip themselves with advanced threat protection, suited to rapidly changing business environments.

A prime example: the changing business environment, with its emphasis on remote and hybrid working, requires internet connectivity for a growing range of collaboration tools and cloud-based storage. Traditional sandboxes scan only 60 to 70 percent of the content traversing these interconnected channels; today’s enterprises must instead strive to vet 100 percent of incoming content cost-effectively, and fast enough to support their business processes.

Measuring results

But there’s a catch: too many layers of protection can slow these digital systems. Jumping through numerous precautionary hoops for every single process or action will at best frustrate employees, and at worst, hinder their productivity. Thus, the goal of the modern cybersecurity company must be to empower enterprises at the sweet spot between protection and productivity.

Metrics around how many users report phishing, how many of these reports turn out to be actual phishing, the variety of web locations where phishing occurs, and more, can help enterprises measure the effectiveness of their cyber security solutions.

These numbers should drop over time, but that is difficult to track, particularly at large enterprises with thousands of incidents and reports. That is why solutions that automate specific parts of the cyber defense process, and sometimes all of it, matter: such systems can natively track KPIs and save a lot of time and energy for beleaguered security operations center (SOC) teams.
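As an added illustration of the metrics just described (this is example code, not Perception Point's product or the essay's own material), the following Python script computes those KPIs per ISO week from a constructed export of user phishing reports after SOC triage. The record layout, reporter ids and `.example.test` hostnames are assumptions; a real export would come from the mail gateway or ticketing system.

```python
"""Compute per-week phishing-report KPIs from a triage export (constructed sample)."""
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import urlparse

# Constructed sample records (not real data): each user report after SOC triage.
# verdict is "phish" for confirmed phishing, "benign" for a false alarm.
REPORTS = [
    {"reporter": "u1", "reported": "2022-05-02T09:10", "triaged": "2022-05-02T09:40",
     "verdict": "phish", "url": "http://login-example.test/auth"},
    {"reporter": "u2", "reported": "2022-05-03T11:00", "triaged": "2022-05-03T12:00",
     "verdict": "phish", "url": "http://login-example.test/reset"},
    {"reporter": "u3", "reported": "2022-05-04T08:00", "triaged": "2022-05-04T08:10",
     "verdict": "benign", "url": "http://newsletter.example.test/"},
    {"reporter": "u1", "reported": "2022-05-09T10:00", "triaged": "2022-05-09T10:20",
     "verdict": "phish", "url": "http://docs-share.example.test/open"},
    {"reporter": "u4", "reported": "2022-05-10T15:00", "triaged": "2022-05-10T15:05",
     "verdict": "benign", "url": "http://hr.example.test/"},
]


def week_key(timestamp: str) -> str:
    """Bucket a timestamp into its ISO week, e.g. '2022-W18'."""
    year, week, _ = datetime.fromisoformat(timestamp).isocalendar()
    return f"{year}-W{week:02d}"


def triage_minutes(record: dict) -> float:
    """Time from user report to SOC verdict, in minutes."""
    delta = datetime.fromisoformat(record["triaged"]) - datetime.fromisoformat(record["reported"])
    return delta.total_seconds() / 60


def phishing_kpis(reports: list[dict]) -> dict[str, dict]:
    """Per ISO week: report volume, distinct reporters, confirmed phishing,
    report precision (confirmed / reported), distinct phishing hosts, and
    median triage latency. Weeks are returned in chronological order."""
    by_week: dict[str, list[dict]] = defaultdict(list)
    for record in reports:
        by_week[week_key(record["reported"])].append(record)

    kpis: dict[str, dict] = {}
    for week, records in sorted(by_week.items()):
        confirmed = [r for r in records if r["verdict"] == "phish"]
        hosts = {urlparse(r["url"]).hostname for r in confirmed}
        kpis[week] = {
            "reports": len(records),
            "reporters": len({r["reporter"] for r in records}),
            "confirmed": len(confirmed),
            "precision": round(len(confirmed) / len(records), 2),
            "distinct_hosts": len(hosts),
            "median_triage_min": median(triage_minutes(r) for r in records),
        }
    return kpis


if __name__ == "__main__":
    for week, stats in phishing_kpis(REPORTS).items():
        print(week, stats)
```

The precision figure is the one to watch when judging the education side: it rises as employees learn which emails are worth reporting, while a falling count of confirmed phishing per week, with reporters held constant, is the signal that the filtering layer is catching more before delivery.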

Phishing is not a new threat type, but the emergence of advanced DeepSea Phishing techniques has created a new crisis for enterprises. Such is the challenging task of modern cybersecurity – white hat solutions must be as rapid, dynamic, determined, creative and unrelenting as the ever-evolving methods developed by the black hatters.

Enterprises must assume responsibility not only to provide top-notch cybersecurity education to their employees, but to invest in high-quality, quickly adaptable defense solutions as well. Fall short, and their vulnerabilities will grow as numerous as the fish in the sea.

About the essayist: Michael Aminov is Co-Founder and Chief Architect of Perception Point, a supplier of phishing detection and remediation systems. He was formerly the Chief Architect of CyActive, which was acquired by PayPal; he is also a veteran of the Intelligence Corps of the Israel Defense Forces (IDF). He holds a BA in Computer Science from Ben-Gurion University of the Negev.

Gathering intelligence has always been a key tool for organisational decision making – understanding the external operating environment is the ‘101’ for business. How can you grasp the challenges and opportunities for your company without a deep understanding of all the contributing factors that make the company tick?

Related: We’re in the golden age of cyber espionage

Intelligence is required to support the evolving needs of business, providing information for decision makers throughout the company lifecycle – everything from entering and exiting markets to managing mature operations. At any point the external environment can throw a curve ball – new government regulations, changes in political and social dynamics, or trends in sustainability to name a few.

In our recent report Intelligent Business: 2022 Strategic Intelligence Report we asked 205 creators and consumers of intelligence within large organizations (i.e. with a turnover of over USD 250 million) about the importance of intelligence to their company. 65 percent said that strategic intelligence had grown in importance over the past five years.

And why? The top reason, chosen from a provided list of ten, was ‘increased cyber security risks’, followed by the related concern, ‘new and/or increased data privacy regulations’. Cyber security keeps the C-suite up at night, and perhaps that’s no surprise.

Cyber in a silo?

Cyber attacks are crippling incidents that hurt immediately, by halting business, and continue to hurt into the longer term, by hitting company reputation. This concern isn’t new; there is wide understanding that when it comes to cyber incidents it is a question of ‘when’, not ‘if’, and all large companies will have cyber strategies in place.


However, in our research, Investing in Cyber Resilience (2021), we found that only 49 percent of companies have a fully implemented and rolled out cyber security strategy, indicating pervasive barriers to cyber strategy adoption. And who is creating and driving the cyber strategy? In traditional, siloed organizational structures, collaboration between cyber functions and the rest of the business can be inhibited, making wide understanding and adoption of cyber security an uphill struggle.

Our research found that a key component in lifting these silos and gaining broader implementation was engagement at the very top. When organizations cite their board-level engagement in cyber strategy as ‘highly proactive’ then the implementation rates are significantly higher too.

Context of risk

Cyber security should also be viewed in a wider business context. The technical side of protecting a company from cyberattack is important, but taking a step back and considering the who and the why can add shape to one’s security strategy. And this is where strategic intelligence feeds into the cyber security puzzle.

The Ukraine-Russia war is a grim example of geopolitical risk intersecting with cyber security risk. In the months before the invasion, all the signs of imminent military action began to emerge; these red flags, combined with Russia’s reputation as a leader in cyber threat activity, should have raised the alert level for any company exposed to Russian markets.

How would nation state actors respond to the war? Would this conflict spill into cyber space and what could that look like? In this context, geopolitical threat intelligence is a critical piece in understanding and planning for cyber security.

Risk, including cyber risk, cannot be viewed in isolation. The CEOs and senior leaders charged with navigating companies through the interdependencies need relevant, timely and actionable insights – the strategic intelligence that will complete the puzzle and support decision making.

About the essayist: Gala Riani is the head of strategic intelligence at S-RM, a global intelligence and cyber security consultancy. Riani has experience as political advisor to the Kurdistan Regional Government (KRG) and as director of Global Risk Analysis at Control Risks. She has a BA from the University of Cambridge and an MSc from the London School of Economics.

Pandemic-driven remote working brought about unforeseen challenges that the pre-pandemic corporate world would never have imagined. As work-from-home shifted from a ‘perk’ to a ‘necessity’, organizations had to realign their operations, and do it fast, to keep their ships afloat.

Related: Deploying human sensors

Now that the dust seems to have settled on the novelty of remote working, there’s no doubt that remote working, whether organizations like it or not, is here to stay. This raises concerns about corporate data security in remote working, which still stands as a key challenge that organizations are trying to navigate, with workforce productivity being the second.

Organizations need to make critical business data available to employees who work remotely. The devices involved may be carefully vetted, secured with corporate policies and provided by the organization, but they may also be devices that are not under the organization’s purview.

Fragmentation dilemma 

Modern employees demand flexibility, and you simply can’t prevent employees from accessing work emails on their phones while they surf the beach or hike the mountains; nor would doing so add to your organization’s overall efficiency and productivity.

But this, along with the hugely fragmented set of devices and endpoints used in the virtual working environment, adds to the security risks that can drain IT teams and CIOs alike.

The associated challenges include the known ones, such as employees connecting to unknown, insecure networks and sharing data via non-work apps that allow hackers to make a grand entry, but they also include a set of unexpected threats that are unique to the remote working environment.


These range from lurking devices (think home automation tools and other smart devices lying around in the same room from which your employee works or attends confidential meetings) to sophisticated email phishing attacks that use the names of CXOs (since, well, everything is virtual).

Managing endpoints securely 

Another key aspect of endpoint management, beyond security, is ensuring that remote working adds value, both to the organization and to the employees. Engaged employees are more productive, so making sure that employees have access to up-to-date, relevant business resources at all times, are equipped with the right tools to get work done faster, and can connect to their teams without glitches is not just essential, it is imperative.

As an organization, that’s quite a mountain of checkboxes to tick, and it can be challenging, especially when the IT team is small and the infrastructure cost has to be budgeted.

To address these concerns, organizations are actively engaging in conversations to make endpoint management smoother, more cost-effective and mutually beneficial.

It starts with educating the workforce (remote or otherwise) on security since your infrastructure and data are only as secure as your employees want them to be.

Tools and best practices

The next gradual step that organizations should take is accommodating BYOD to cut down on infrastructural costs while also enabling employees to leverage flexibility. When employees are empowered to use the device they love, it can be a game changer for their productivity.

Organizations can then seek out tools for driving innovation and engagement. This has to go beyond the conventional messaging platforms. A tool that can help employees quickly share, make calls, both video and voice, and also mark down the tasks they are working on can create a seamless engagement while effectively driving conversation and collaboration.

For SMBs or organizations that are just starting, this may seem overwhelming. This is also why looking for a solution with a holistic approach can be such a tipping point. Mobile device and endpoint management solutions are hence gaining rapid traction. It’s no longer the question of ‘whether’ organizations should opt for an MDM or not, but the question of ‘when’ and ‘how fast’.

Procuring an endpoint management solution is no longer difficult. Picking the right one, the one that solves your organization’s business problem, can be transformative. More than that, a solution that translates your concerns into scalable answers, is customizable to suit your needs, and is still simple to use is hard to find, but not impossible.

About the essayist: Sriram Kakarala is the Vice President of Products at ProMobi Technologies. He is one of the innovative minds behind Scalefusion, a mobile device and endpoint management solution for organizations.

Vulnerabilities in web applications are the leading cause of high-profile breaches.

Related: Log4J’s big lesson

The Log4j vulnerability, a widely publicized zero day, was first identified in late 2021, yet security teams are still racing to patch and protect their enterprise apps and services. This notorious incident highlights the security risks associated with open-source software, and the challenges of protecting web applications against zero day attacks.

To improve web application security, there are basic steps an organization should take:

• Security test earlier in the development cycle.

• Make sure that software and operating systems are kept up to date and patched.

• Utilize a multi-layered, defense-in-depth approach.

However, the most significant protection against zero day and other attacks comes from using security technologies that sit very close to how your application works. Security solutions like runtime application protection provide the context, visibility and control to identify and block new zero-day attacks launched against your applications.

How ‘runtime’ works

Unlike traditional endpoint and network security solutions such as EDRs and WAFs, which sit on the edge of the network, a runtime security tool, sometimes called a Runtime Application Self-Protection (RASP) solution, sits on the same server as the application and provides continuous security and protection for the application while it is running.

With complete visibility into the application, a runtime solution is able to directly understand the application’s execution and control flows, and it constantly monitors and analyzes the application’s execution to validate that the code is operating correctly. By continuously assessing the instrumented code for vulnerabilities in real time, it has the context to identify new zero day attacks as soon as they happen.

By contrast, traditional security tools that are positioned further from the application lack complete knowledge and visibility. Such tools must rely on pattern matching, machine learning and signatures from past attacks, resulting in many false alerts and, more importantly, missed zero-day attacks.

Runtime security technology also provides greater context and visibility into the attack parameters, enabling runtime tools to pinpoint exactly where the vulnerability exists in the code. It can help the developer quickly reproduce the attack, resolve the issue in the code, and get the application back up and running safely in production.

Runtime security technologies also provide a final, and perhaps most important, benefit to web applications in production, and that is the ability to block an attack as it is happening.

Unlike matching technologies, which often produce false positives, runtime security tools have the advantage of being closer to the application. This gives them the context and visibility necessary to decide when a vulnerability is real and exploitable, and when an application needs to be protected from attack.

The ability to block attacks on vulnerabilities in running code is especially important when you consider that it can take developers substantial time to fix, test, and roll out the remediated code.
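To make the "sits beside the application" idea concrete, here is an added Python example of the two behaviours the preceding paragraphs describe: a sink guard that blocks a request in the instant its input rewrites a SQL statement (L435 to L439), and a report that pinpoints the file, line and function where the statement was built (the location reporting of L433). It is illustrative code, not K2's product or any vendor's agent. The check used is a lexical one that real runtime tools also rely on: a request value the developer meant as data ends up inside a single SQL token, so a value that spans token boundaries has changed the statement's structure, whatever the payload looks like. The `lookup_user` handler, its table and the request strings are all constructed for the demo; the handler deliberately builds SQL by string formatting so that there is a weakness for the guard to cover, and the taint set that a real agent fills from the request object is populated explicitly here.

```python
"""RASP-style sink guard: request input must remain a single SQL token (example code)."""
import contextvars
import inspect
import re
import sqlite3

# Strings that arrived in the current request: the taint set. A real runtime
# agent fills this from the HTTP request transparently; the hypothetical
# handler below does it by hand.
_request_taint = contextvars.ContextVar("request_taint", default=())


class AttackBlocked(Exception):
    """Raised by the sink guard; carries what a developer needs to reproduce the case."""

    def __init__(self, value: str, sql: str, location: str, function: str):
        super().__init__(
            f"request value {value!r} altered SQL structure at {location} in {function}(): {sql}"
        )
        self.value, self.sql, self.location, self.function = value, sql, location, function


# Minimal SQL lexer: quoted string literals (with '' escapes), words/numbers, punctuation.
_TOKEN = re.compile(r"'(?:[^']|'')*'|\w+|[^\s\w]")


def input_spans_multiple_tokens(sql: str, value: str) -> bool:
    """True if `value` appears verbatim in `sql` and is not contained in one token.

    Data the application intended as a literal ('alice', 42, 'Mary Ann') sits
    inside exactly one token. A value crossing token boundaries has become part
    of the statement's syntax. Values the application escaped or transformed are
    no longer a verbatim substring and are treated as safe here; a full agent
    tracks taint through such transformations.
    """
    if not value:
        return False
    start = sql.find(value)
    if start == -1:
        return False
    end = start + len(value)
    for match in _TOKEN.finditer(sql):
        if match.start() <= start and end <= match.end():
            return False
    return True


def guarded_execute(conn: sqlite3.Connection, sql: str) -> sqlite3.Cursor:
    """The instrumented sink: inspect every tainted value before the query runs."""
    for value in _request_taint.get():
        if input_spans_multiple_tokens(sql, value):
            # Record where in the application the statement was built, so the
            # finding points at a file and line rather than at a network flow.
            caller = inspect.stack()[1]
            raise AttackBlocked(value, sql, f"{caller.filename}:{caller.lineno}", caller.function)
    return conn.execute(sql)


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user")])
    return conn


def lookup_user(conn: sqlite3.Connection, name: str) -> list:
    """Hypothetical handler that still builds SQL by string formatting (the weakness
    the guard covers). Recording the request input is the step an agent automates."""
    _request_taint.set((name,))
    sql = f"SELECT id, name, role FROM users WHERE name = '{name}'"
    return guarded_execute(conn, sql).fetchall()


def try_lookup(conn: sqlite3.Connection, name: str) -> str:
    """Return 'rows:N' when the query ran, or 'blocked' when the guard stopped it."""
    try:
        return f"rows:{len(lookup_user(conn, name))}"
    except AttackBlocked:
        return "blocked"


if __name__ == "__main__":
    db = make_demo_db()
    print(try_lookup(db, "alice"))          # rows:1
    print(try_lookup(db, "' OR 1=1 --"))    # blocked
```

Note what the guard does not need: no signature for the particular string, and no rule on the network edge. It only needs the request value and the statement at the moment they meet, which is exactly the context a tool outside the process cannot see. The blocking buys time for the proper fix, a parameterized query in `lookup_user`, to be written, tested and rolled out.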

Pre-production scrutiny

The benefit of sitting closer to the application also applies in test environments. While there is growing emphasis on shift left, or earlier security testing in software development, traditional application testing tools such as DAST and SAST often provide overwhelming numbers of alerts, including many false positives.

Each of these alerts needs to be analyzed, wasting the security team’s time and resulting in longer debugging cycles. Without visibility inside the application, it’s impossible to know whether and exactly where a vulnerability occurs within the code, making remediation time consuming and laborious.


Using a model similar to runtime application security tools, technologies like Interactive Application Security Testing (IAST) use components that reside on the testing server. IAST tools watch the application code as it executes and can pinpoint the location of a vulnerability down to the filename and the specific line of code, enabling a developer to quickly locate the vulnerability for correction.

Some tools, like K2’s Security Platform, take the extra step of probing the application to validate and identify only the exploitable vulnerabilities and provide an associated level of severity. This allows teams to focus on the vulnerabilities that really matter and resolve them quickly.

With more detailed visibility, IAST tools give organizations the ability to identify and address valid issues, allowing their developers to work more effectively. Teams can make educated decisions on the prioritization of vulnerabilities to remediate, which to defer, and which to release to production, while receiving assistance in the detection of false positives produced by their other tools.

By sitting closer to the application, runtime and IAST tools provide security and development teams with the context, visibility and control necessary to release secure software faster to market, and block sophisticated zero-day attacks before they wreak havoc on your company’s mission-critical business.

Isn’t it time to cozy up to your applications?

About the essayist: Pravin Madhani is co-founder and CEO of K2 Cyber Security. He received his Master’s in Computer Engineering from UT at Austin and his Bachelor’s in Electrical Engineering from IIT at Mumbai.